alan-turing-institute / data-safe-haven

https://data-safe-haven.readthedocs.io
BSD 3-Clause "New" or "Revised" License

SSL Certificate error: domain name contains an invalid character #1938

Closed J0shev closed 3 months ago

J0shev commented 3 months ago

:white_check_mark: Checklist

:computer: System information

:package: Packages

List of packages

```none
C:\DSH\data-safe-haven-latest\deployment> .\CheckRequirements.ps1
2024-06-17 11:03:46 [SUCCESS]: [✔] Powershell version: 7.4.1
2024-06-17 11:03:46 [SUCCESS]: [✔] Microsoft.Graph.Identity.DirectoryManagement module version: 1.21.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Network module version: 5.3.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Accounts module version: 2.15.1
2024-06-17 11:03:46 [SUCCESS]: [✔] Microsoft.Graph.Applications module version: 1.21.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Monitor module version: 4.2.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Dns module version: 1.1.2
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.DataProtection module version: 0.4.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.MonitoringSolutions module version: 0.1.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Microsoft.Graph.Users module version: 1.21.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Powershell-Yaml module version: 0.4.2
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Compute module version: 5.3.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Resources module version: 6.5.1
2024-06-17 11:03:47 [SUCCESS]: [✔] Poshstache module version: 0.1.10
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.PrivateDns module version: 1.0.3
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Automation module version: 1.9.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.RecoveryServices module version: 5.4.1
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.OperationalInsights module version: 3.1.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Microsoft.Graph.Authentication module version: 1.21.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.KeyVault module version: 4.9.1
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Storage module version: 4.7.0
```

:no_entry_sign: Describe the problem

I am attempting to deploy the SRE and have encountered an issue when running Update_SRE_SSL_Certificate. The same error message occurs regardless of whether I use the SRE deployment script or run through each step manually. I have pasted the logs below.

:deciduous_tree: Log messages

Relevant log messages

```none
C:\DSH\data-safe-haven-latest\deployment\secure_research_environment\setup> .\Update_SRE_SSL_Certificate.ps1
cmdlet Update_SRE_SSL_Certificate.ps1 at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
shmId: ddrc
sreId: dsg
2024-06-17 11:03:15 [WARNING]: The remoteDesktopProvider configuration option has been deprecated and will be removed in the future
2024-06-17 11:03:16 [ INFO]: [ ] Checking whether signed certificate 'sre-dsg-lets-encrypt-certificate' already exists in Key Vault...
2024-06-17 11:03:17 [ INFO]: No certificate found in Key Vault 'kv-ddrc-sre-dsg'
2024-06-17 11:03:17 [ INFO]: Preparing to request a new certificate...
2024-06-17 11:03:18 [ INFO]: Generating a certificate signing request for dsg.ddrc.exeter.ac.uk to be signed by Let's Encrypt...
2024-06-17 11:03:20 [SUCCESS]: [✔] CSR creation succeeded
2024-06-17 11:03:23 [ INFO]: Using Let's Encrypt production server!
2024-06-17 11:03:24 [ INFO]: [ ] Checking for Posh-ACME account
2024-06-17 11:03:24 [SUCCESS]: [✔] Using Posh-ACME account: 1690196877
2024-06-17 11:03:24 [ INFO]: Test that we can interact with DNS records...
2024-06-17 11:03:24 [ INFO]: [ ] Attempting to create a DNS record for dnstest.dsg.ddrc.exeter.ac.uk...
VERBOSE: Publishing challenge for Domain dnstest.dsg.ddrc.exeter.ac.uk with Token faketoken using Plugin Azure and DnsAlias ''.
VERBOSE: Authenticating with provided access token for tenant 5ad2ad05-49d1-4dbe-946f-f57367688a7a
VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 1087-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: 2 zone(s) found
VERBOSE: Checking _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Checking dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Checking dsg.ddrc.exeter.ac.uk
VERBOSE: Querying _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 184-byte response of content type application/json
VERBOSE: Sending updated _acme-challenge.dnstest
VERBOSE: Requested HTTP/1.1 PUT with 98-byte payload
VERBOSE: Received HTTP/1.1 514-byte response of content type application/json
VERBOSE: Content encoding: utf-8
2024-06-17 11:03:26 [SUCCESS]: [✔] DNS record creation succeeded
2024-06-17 11:03:26 [ INFO]: [ ] Attempting to delete a DNS record for dnstest.dsg.ddrc.exeter.ac.uk...
VERBOSE: Unpublishing challenge for Domain dnstest.dsg.ddrc.exeter.ac.uk with Token faketoken using Plugin Azure and DnsAlias ''.
VERBOSE: Authenticating with provided access token for tenant 5ad2ad05-49d1-4dbe-946f-f57367688a7a
VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Querying _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 514-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: Deleting _acme-challenge.dnstest. No values left.
VERBOSE: Requested HTTP/1.1 DELETE with 0-byte payload
VERBOSE: Received HTTP/1.1 0-byte response of content type
VERBOSE: Content encoding: utf-8
2024-06-17 11:03:27 [SUCCESS]: [✔] DNS record deletion succeeded
2024-06-17 11:03:27 [ INFO]: Sending the CSR to be signed by Let's Encrypt...
VERBOSE: Publishing challenge for Domain dsg.ddrc.exeter.ac.uk with Token faketoken using Plugin Azure and DnsAlias ''.
VERBOSE: Authenticating with provided access token for tenant 5ad2ad05-49d1-4dbe-946f-f57367688a7a
VERBOSE: Attempting to find hosted zone for _acme-challenge.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 1087-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: 2 zone(s) found
VERBOSE: Checking _acme-challenge.dsg.ddrc.exeter.ac.uk
VERBOSE: Checking dsg.ddrc.exeter.ac.uk
VERBOSE: Querying _acme-challenge.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 490-byte response of content type application/json
VERBOSE: Content encoding: utf-8
2024-06-17 11:03:27 [ INFO]: [ ] Creating certificate for dsg.ddrc.exeter.ac.uk...
VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using account 1690196877
VERBOSE: Order name not specified, using 'dsg.ddrc.exeter.ac.uk'
VERBOSE: Creating a new order 'dsg.ddrc.exeter.ac.uk' for dsg.ddrc.exeter.ac.uk, GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk
OperationStopped: Invalid identifiers requested :: Cannot issue for "GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk": Domain name contains an invalid character
2024-06-17 11:03:29 [ INFO]: Importing signed certificate into Key Vault 'kv-ddrc-sre-dsg'...
2024-06-17 11:03:29 [FAILURE]: [x] Certificate import failed!
Import-AzKeyVaultCertificate: C:\DSH\data-safe-haven-latest\deployment\secure_research_environment\setup\Update_SRE_SSL_Certificate.ps1:225
Line |
 225 |  … lt.name -Name $certificateName -FilePath $certificateFilePath -ErrorA …
     |                                            ~~~~~~~~~~~~~~~~~~~~
     | Cannot bind argument to parameter 'FilePath' because it is null.
```

:recycle: To reproduce

jemrobinson commented 3 months ago

Let's Encrypt no longer support upper-case characters in domain names (see here). I'll put out a fix for this.
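The failure in the log above comes from the ACME order containing the mixed-case name `GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk`. The following is an added example, not code from the data-safe-haven project or from this thread: it normalises every requested hostname to the lowercase letters-digits-hyphen form an ACME CA accepts and refuses anything else before the order is built. The function name `ConvertTo-AcmeIdentifier` is an assumed name, the two hostnames are the ones from the log, and wildcard names (`*.example`) are deliberately not handled.

```powershell
# Added example (not the project's own code): normalise requested hostnames into
# lowercase ACME DNS identifiers and reject anything that is not a valid DNS name.
function ConvertTo-AcmeIdentifier {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Name
    )
    process {
        foreach ($n in $Name) {
            # DNS and TLS hostname matching are case-insensitive, so lowering the
            # case changes nothing about which hosts the certificate will cover.
            $candidate = $n.Trim().TrimEnd('.').ToLowerInvariant()

            # Each label: 1-63 chars, [a-z0-9-], no leading/trailing hyphen;
            # whole name: at least two labels and at most 253 chars.
            $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
            $pattern = "^(?=.{1,253}$)($label\.)+$label$"
            if ($candidate -notmatch $pattern) {
                throw "Refusing to request a certificate for '$n': not a valid lowercase DNS name"
            }
            $candidate
        }
    }
}

# Names taken from the failing order in the log above.
$requested = @('dsg.ddrc.exeter.ac.uk', 'GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk')

# The de-duplicated, lowercased list is what should be handed to the ACME client
# (for Posh-ACME, the -Domain parameter of New-PACertificate) and used as SANs.
$identifiers = $requested | ConvertTo-AcmeIdentifier | Select-Object -Unique
$identifiers | ForEach-Object { Write-Host "identifier: $_" }

# A name with a character outside [a-z0-9-.] is stopped before any ACME call.
try {
    'bad_host.ddrc.exeter.ac.uk' | ConvertTo-AcmeIdentifier
} catch {
    Write-Host "rejected: $($_.Exception.Message)"
}
```

Two points worth noting when wiring a check like this into a deployment script. First, doing the normalisation before the CSR is generated keeps the CSR's subject alternative names and the ACME order identifiers identical; issuing for a lowercase identifier against a CSR that still carries the upper-case SAN can fail again at finalisation. Second, the log shows a second error (`Cannot bind argument to parameter 'FilePath' because it is null`) that is only a consequence of the first: the script went on to the Key Vault import although the order had been rejected. Checking that the certificate file path is non-null before calling `Import-AzKeyVaultCertificate`, and stopping on the ACME error instead, makes the root cause the last line in the log rather than the middle one.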

jemrobinson commented 3 months ago

@J0shev : If you're able to check out the branch 1938-ssl-certificate-error could you let me know whether this fixes your problem?

J0shev commented 3 months ago

> @J0shev : If you're able to check out the branch 1938-ssl-certificate-error could you let me know whether this fixes your problem?

@jemrobinson This seems to have done the job! Thank you.

jemrobinson commented 3 months ago

Great - let me know when you've had a chance to check that the full deployment works and we can tag a patch version with this fix.

jemrobinson commented 3 months ago

Closed by #1939.

jemrobinson commented 2 months ago

@J0shev: The fix for this issue is in release v4.2.2.